Open Access
Dynamic API call sequence visualisation for malware classification
Author(s) - Tang Mingdong, Qian Quan
Publication year - 2019
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2018.5268
Subject(s) - malware, computer science, artificial intelligence, convolutional neural network, visualization, signature (topology), feature (linguistics), pattern recognition (psychology), machine learning, obfuscation, feature extraction, data mining, computer security, mathematics, linguistics, philosophy, geometry
Due to the development of automated malware generation and obfuscation, traditional malware detection methods based on signature matching have limited effectiveness. Thus, a novel approach using visualisation and deep learning technology can play an important role in malware detection and classification. In this study, the authors extract sequences of API calls using dynamic analysis and then use colour mapping rules to create feature images representing malware behaviour. Finally, they train a convolutional neural network to classify feature images across 9 malware families, with 1000 variants in each family. Experimental results show the effectiveness of the authors' method. The classification TPR, precision, recall and F1 are all >99%, while the FPR is <0.1%.
